source: http://www.securityfocus.com/bid/25521/info

Claroline is prone to a local file-include vulnerability and multiple cross-site scripting vulnerabilities.

An attacker could exploit these issues to execute local script code in the context of the application and access sensitive data, which may aid in further attacks.The attacker may also be able to execute arbitray code in the context of the webserver. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to Claroline 1.8.6 are vulnerable. 

http://www.example.com/inc/lib/languages.lib.php?language=../../[file]